Auditing Information Systems : a Comprehensive Reference Guide

5 years ago I was asked to help internal auditors with a helpful audit program, so I decided to do some research and purchased this book over the internet. I am not a professional reviewer, I lack the tactfulness to state my feelings about a book without offending at least the author. Well, here it is in a single statement - do not buy this book! - It is too expensive for a new auditor and too basic for a seasoned auditor who should know about most of the points made in the book. First chapter the author felt the urge to explain computers and used the term CPU, a box containing hardware. The original 1946 EDVAC may have been called a CPU. The author continues ..."there are thousands of them" what a joke. and if you keep reading how he explains memory you will start laughing uncontrollably " the more memory you have the more applications you can run" . There are some good points made and planty of case studies but I ended up using articles I found on the internet for a great audit program based on BS7799. I would recommend, reading books about ISO 2700x for creating great audits.

increasingly, Auditors, Information Security Professionals, Managers, And Audit Committees Are Being Called Upon To Assess The Risks And Evaluate The Controls Over Computer Information Systems In All Types Of Organizations. However, Many Of These Stakeholders Are Unfamiliar With The Techniques They Can Use To Efficiently And Effectively Determine Whether Information Systems Are Adequately Protected. Auditing Information Systems, Second Edition Presents An Easy, Practical Guide To Auditing Information Systems That Can Be Applied To All Computing Environments.

with The Second Edition Of This Popular Resource, Auditors Will Be Able To Examine An Organization’s Hardware, Software, Data Protection, And Processing Methods To Ensure That Adequate Controls And Security Are In Place. Little In The Way Of Prerequisite Technical Know-how Is Required. Author Jack Champlain Begins By Explaining The Basics Of Any Computer System–the Central Processing Unit, Operating System, And Application System–giving Every Auditor The Tools Needed To Begin An Audit. This Is Followed By A Step-by-step Approach For Conducting Information Systems Audits, Detailing Specific Procedures That Auditors Can Readily Apply To Their Own Organizations. The Second Edition Devotes Special Attention To The Issues Of Most Concern To Information Managers Today. It Provides Over 80 Case Studies That Demonstrate How Concepts Can Be Applied In Real-world Situations. Chapter Topics Include:

• information Systems Audit Approach (physical, Logical, Environmental Security)
• security Certifications Such As Sas 70, Trusecure, Cpa Systrust, And Webtrust
• computer Forensics
• e-commerce And Internet Security (including Encryption And Cryptography)
• information Privacy Laws And Regulations
• information Systems Project Management Controls
• new Technologies And Future Risks

as Networks And Enterprise Resource Planning (erp) Systems Bring Resources Together, And As Increasing Privacy Violations And International Political Volatility Threaten More Organizations, Information Systems Integrity Becomes More Important Than Ever. Auditing Information Systems, Second Edition Empowers Auditors, Information Security Professionals, Managers, And Audit Committees To Effectively Gauge The Adequacy And Effectiveness Of Information Systems Controls.

Increasingly, auditors, information security professionals, managers, and audit committees are being called upon to assess the risks and evaluate the controls over computer information systems in all types of organizations. However, many of these stakeholders are unfamiliar with the techniques they can use to efficiently and effectively determine whether information systems are adequately protected. Auditing Information Systems, Second Edition presents an easy, practical guide to auditing information systems that can be applied to all computing environments. With the Second Edition of this popular resource, auditors will be able to examine an organization's hardware, software, data protection, and processing methods to ensure that adequate controls and security are in place. Little in the way of prerequisite technical know-how is required. Author Jack Champlain begins by explaining the basics of any computer system -- the central processing unit, operating system, and application system -- giving every auditor the tools needed to begin an audit. This is followed by a step-by-step approach for conducting information systems audits, detailing specific procedures that auditors can readily apply to their own organizations. The Second Edition devotes special attention to the issues of most concern to information managers today. It provides over 80 case studies that demonstrate how concepts can be applied in real-world situations. As networks and enterprise resource planning (ERP) systems bring resources together, and as increasing privacy violations and international political volatility threaten more organizations, information systems integrity becomes more important than ever. Auditing Information Systems, Second Edition empowers auditors, information security professionals, managers, and audit committees to effectively gauge the adequacy and effectiveness of information systems controls. "Auditing Information Systems, Second Edition presents an easy, practical guide to auditing information systems that can be applied to all computing environments." "With the Second Edition of this popular resource, auditors will be able to examine an organization's hardware, software, data protection, and processing methods to ensure that adequate controls and security are in place. Little in the way of prerequisite technical know-how is required. The Second Edition devotes special attention to the issues of most concern to information managers today. It provides over 80 case studies that demonstrate how concepts can be applied in real-world situations." "Auditing Information Systems, Second Edition empowers auditors, information security professionals, managers, and audit committees to effectively gauge the adequacy and effectiveness of information systems controls."--Jacket

Have you been asked to perform an information systems audit and don't know where to start? Examine a company's hardware, software, and data organization and processing methods to ensure quality control and security with this easy, practical guide to auditing computer systems--the tools necessary to implement an effective IS audit. In nontechnical language and following the format of an IS audit program, you'll gain insight into new types of security certifications (e.g., TruSecure, CAP SysTrust, CPA WebTrust) as well as the importance of physical security controls, adequate insurance, and digital surveillance systems.

Order your copy today!

Have you been asked to perform an information systems audit and don't know where to start? Examine a company's hardware, software, and data organization and processing methods to ensure quality control and security with this easy, practical guide to auditing computer systems--the tools necessary to implement an effective IS audit. In nontechnical language and following the format of an IS audit program, you'll gain insight into new types of security certifications (e.g., TruSecure, CAP SysTrust, CPA WebTrust) as well as the importance of physical security controls, adequate insurance, and digital surveillance systems. Order your copy today! This text explains how to audit the controls and security over all types of information systems environments, and provides a detailed examination of contemporary auditing issues from privacy laws to computer forensics. Before performing an audit of a computing system or assessing the adequacy of an audit that was performed on a computing system, there are a few basics that one must understand about how a computing system functions.